Subscription to the full report on a daily basis can be obtained:
Send an eMail to dhsdailyadmin@mail.dhs.osis.gov with the subject "DHS Daily Open Source Infrastructure Report" and the following line in the body...subscribe.
To obtain a complete copy of the current report proceed to the DHS link below.
To obtain reports more than 10 business days old, send an eMail to DHS_Reports@e-computer-security.com. Be specific as to the reports you wish to receive.

· Bank of
America agreed August 21 to pay $16.65 billion in a settlement with the U.S.
Department of Justice over the bank’s misrepresentation of risky
mortgage-backed securities to clients prior to the 2008 financial crisis. – Associated
PressSee item 4 below in the Financial
Services Sector

· The United
Parcel Service (UPS) announced August 20 that a security breach at 51 of its
UPS Stores in 24 States may have exposed the personal information, including
addresses and payment card information, of customers who completed transactions
between January 20 and August 11. – Computerworld

9.
August 20, Computerworld – (National) UPS
now the third company in a week to disclose data breach. The United Parcel
Service (UPS) announced August 20 that a security breach at 51 of its UPS
Stores in 24 States may have exposed the personal information, including
addresses and payment card information, of customers who completed transactions
between January 20 and August 11. An investigation found previously unknown
malware was installed on individual stores’ systems but did not affect wider
UPS networks. Source: http://www.computerworld.com/s/article/9250545/UPS_now_the_third_company_in_a_week_to_disclose_data_breach

· Incapsula
reported that a client experienced a distributed denial of service (DDoS)
attack that lasted 38 days between June 21 and July 28, used several attack
vectors, and peaked at over 110 Gbps.– Softpedia See item 24 below in the Information
Technology Sector

· One person
was killed, 9 others were injured, and at least 2 dozen people were potentially
displaced after an August 20 fire that begin on the main level of a 3-story
Brighton apartment building in Boston, Massachusetts, spread to an adjacent
home. – Boston Globe

4. August
21, Associated Press – (National) Bank of America agrees to
nearly $17B settlement. Bank of America agreed to pay $16.65 billion August
21 as part of an agreement to settle U.S. Department of Justice charges that
the bank and its subsidiaries misrepresented risky mortgage-backed securities
to clients prior to the 2008 financial crisis. The total includes a $5 billion
penalty, $4.6 billion in remediation, and around $7 billion in relief to homeowners
harmed by the bank’s practices. Source: http://abcnews.go.com/Politics/wireStory/apnewsbreak-bofa-reaches-17b-settlement-us-25055433

5. August
21, WOIO 19 Shaker Heights – (National) Two men indicted for $6.5
million investment fraud. The co-founders of Integrity Financial AZ LLC
were indicted for allegedly operating the company as an investment fraud scheme
that defrauded around 60 investors out of more than $6.5 million. The alleged
scheme advertised investment opportunities in a purported real estate
development plan in Arizona and had regional offices in Cleveland, Chicago, and
Sacramento, California, and used investors’ money for the personal enrichment
of the co-founders. Source: http://www.19actionnews.com/story/26335022/two-men-indicted-for-65-millon-investment-fraud

6. August
20, U.S. Department of Justice – (Florida; Illinois) Former
Hillsborough County resident pleads guilty to conspiracy to commit bank, wire
and mail fraud. A Chicago man pleaded guilty August 20 to using his company,
Capital Management Guarantee LLC, to participate in a conspiracy to commit
wire, bank, and mail fraud connected to the purchase of The Arbors apartment
complex in Hillsborough County, Florida, and the sale of condominium units. The
man admitted to helping to induce buyers by offering kickbacks to buyers,
concealing the facts and violating the terms of a loan from Corus Bank. Source:
http://www.justice.gov/usao/flm/press/2014/Aug/20140820_Bolger.html

For additional stories, see items 9 above in Top
Stories and 26 below in the Information Technology
Sector

Information Technology Sector

24. August
21, Softpedia – (International) 38-day long DDoS siege amounts to
over 50 petabits in bad traffic. Incapsula reported that a video game
company client experienced a distributed denial of service (DDoS) attack that
lasted 38 days between June 21 and July 28, used several attack vectors, and
peaked at over 110 Gbps. The attack used techniques separately or at the same
time and was mitigated by Incapsula using a scrubbing server. Source: http://news.softpedia.com/news/38-Day-Long-DDoS-Siege-Amounts-to-Over-50-Petabits-in-Bad-Traffic-455722.shtml

25. August
21, Help Net Security – (International) Most popular Android apps
open users to MITM attacks. FireEye researchers conducted an analysis of
the 1,000 most popular free Android apps in the Google Play store and found
that many contain one or more vulnerabilities that could leave users vulnerable
to man-in-the-middle (MitM) attacks. Source: http://www.net-security.org/secworld.php?id=17279

26. August
20, Securityweek – (International) Graphic library flaw exposes
apps created with Delphi, C++ Builder. Researchers with Core Security
reported identifying a security vulnerability that can affect software with a
specific version of Embarcadero C++ Builder XE6, Embarcadero Delphi XE6, and
possibly other versions. Embarcadero products are used by organizations and
companies in industries including healthcare, financial services, and other
industries to develop in-house applications. Source: http://www.securityweek.com/graphic-library-flaw-exposes-apps-created-delphi-c-builder

Communications Sector

27.
August 20, Journal of The San Juan Islands –
(Washington) CenturyLink faces $173K in fines for November outage. The
Washington State Utilities and Transportation Commission cited CenturyLink with
15,935 violations and proposed $173,000 in fines for failing to communicate
with the commission and its customers during a 10-day outage that left a
majority of the San Juan Islands without telephone, Internet, and cell phone
services during November 2013. Source: http://www.sanjuanjournal.com/news/272083591.html

Links

About Me

U.S. Army Retired Chief Warrant Officer with more than 40 years in information technology and 35 years in information security. Became a Certified Information Systems Security Professional in 1995 and have taught computer security in Asia, Canada and the United States. Wrote a computer security column for 5 years in the 1980s titled "for the Sake Of Security", penname R. E. (Bob) Johnston, which was published in Computer Decisions.
Motto: "When entrusted to process, you are obligated to safeguard"